package com.mszlu.blog.admin.service;

import com.mszlu.blog.admin.pojo.Admin;
import com.mszlu.blog.admin.pojo.Permission;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.stereotype.Service;

import javax.servlet.http.HttpServletRequest;
import java.util.ArrayList;
import java.util.List;

@Service
public class AuthService {

    @Autowired
    private AdminService adminService;

    public boolean auth(HttpServletRequest request, Authentication authentication){
        //权限认证

        String requestURI = request.getRequestURI();


        Object principal = authentication.getPrincipal();

        if (principal==null||"anonymousUser".equals(principal)){
            return false;
        }
        UserDetails userDetails=(UserDetails) principal;
        String username = userDetails.getUsername();
        Admin admin = adminService.findAdminByUsername(username);

        if (admin==null){
            return false;
        }

        if (admin.getId()==1){
            return true;
        }
        Long id = admin.getId();
        List<Permission> permissionList=adminService.findPermissionByAdminId(id);
        requestURI=requestURI.split(requestURI,'?')[0];

        for (Permission permission : permissionList) {

            if (requestURI.equals(permission.getPath())){
                return true;
            }
        }

        return false;

    }
}
